260761
|
- |
|
netweblogic
|
login_with_ajax
|
Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify…
|
CWE-352
Origin Validation Error
|
CVE-2013-2707
|
2013-05-10 20:42 |
2013-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260762
|
- |
|
wppa.opajaap
|
wp-photo-album-plus
|
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the comm…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3254
|
2013-05-10 20:42 |
2013-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260763
|
- |
|
symantec
|
brightmail_gateway
|
Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitra…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1611
|
2013-05-10 13:00 |
2013-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260764
|
- |
|
cisco
|
unified_customer_voice_portal
|
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbit…
|
CWE-16
Configuration
|
CVE-2013-1222
|
2013-05-9 22:54 |
2013-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260765
|
- |
|
ibm
|
websphere_datapower_xc10_appliance_firmware websphere_datapower_xc10_appliance
|
Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown…
|
NVD-CWE-noinfo
|
CVE-2013-0600
|
2013-05-9 21:31 |
2013-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260766
|
- |
|
invensys
|
wonderware_information_server
|
SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2013-0684
|
2013-05-9 21:31 |
2013-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260767
|
- |
|
invensys
|
wonderware_information_server
|
Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0685
|
2013-05-9 21:31 |
2013-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260768
|
- |
|
invensys
|
wonderware_information_server
|
Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of ser…
|
CWE-20
Improper Input Validation
|
CVE-2013-0686
|
2013-05-9 21:31 |
2013-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260769
|
- |
|
invensys
|
wonderware_information_server
|
Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via un…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0688
|
2013-05-9 21:31 |
2013-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260770
|
- |
|
cisco
|
unified_customer_voice_portal
|
The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVIT…
|
NVD-CWE-Other
|
CVE-2013-1220
|
2013-05-9 21:31 |
2013-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|